This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
tutorial:adm:server_preparation_win [2019/06/03 12:40]
cernym [HTTPd installation and configuration]
tutorial:adm:server_preparation_win [2019/11/28 13:27] (current)
fiserp [HTTPd installation and configuration]
Line 303: Line 303:
 Configure the HTTPS virtual host in the ''​C:​\Apache24\conf\extra\httpd-ssl.conf''​ file. Change ''​demo.czechidm.com''​ to the name of your server. Configure the HTTPS virtual host in the ''​C:​\Apache24\conf\extra\httpd-ssl.conf''​ file. Change ''​demo.czechidm.com''​ to the name of your server.
 +<​note>​In some cases older clients (i.e. IE10 and older, Java6, etc.) will not be able to communicate with IdM due to the SSL settings. If this is your case, you may need to slacken the cipher settings a bit.</​note>​
 <file apache httpd-ssl.conf>​ <file apache httpd-ssl.conf>​
 Listen 443 Listen 443
 SSLProxyCipherSuite HIGH:​MEDIUM:​!MD5:​!RC4:​!3DES SSLProxyCipherSuite HIGH:​MEDIUM:​!MD5:​!RC4:​!3DES
 SSLHonorCipherOrder on  SSLHonorCipherOrder on 
-SSLProtocol all -SSLv2 -SSLv3+SSLProtocol all -SSLv2 -SSLv3 ​-TLSv1 -TLSv1.1
 SSLProxyProtocol all -SSLv2 -SSLv3 SSLProxyProtocol all -SSLv2 -SSLv3
 SSLPassPhraseDialog ​ builtin SSLPassPhraseDialog ​ builtin
 SSLSessionCache ​       "​shmcb:​c:/​Apache24/​logs/​ssl_scache(512000)"​ SSLSessionCache ​       "​shmcb:​c:/​Apache24/​logs/​ssl_scache(512000)"​
 SSLSessionCacheTimeout ​ 300 SSLSessionCacheTimeout ​ 300
 <​VirtualHost _default_:​443>​ <​VirtualHost _default_:​443>​
Line 377: Line 379:
                 SecRuleRemoveById 200003                 SecRuleRemoveById 200003
         </​Location>​         </​Location>​
 +        ​
 + # Modsec can throw false positives on some files due to multipart boundary check
 + <​Location "/​idm/​api/​v1/​attachments/​upload">​
 + SecRuleRemoveById 960915
 + SecRuleRemoveById 200003
 + </​Location>​
         # do not log request/​response body         # do not log request/​response body